RubyGems - datadog - Versions diffs - 2.7.1 → 2.17.0 - Mend

datadog 2.7.1 → 2.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (417) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +310 -1
data/ext/datadog_profiling_native_extension/clock_id.h +2 -2
data/ext/datadog_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +66 -56
data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.c +1 -1
data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.h +1 -1
data/ext/datadog_profiling_native_extension/collectors_idle_sampling_helper.c +16 -16
data/ext/datadog_profiling_native_extension/collectors_stack.c +10 -10
data/ext/datadog_profiling_native_extension/collectors_stack.h +2 -2
data/ext/datadog_profiling_native_extension/collectors_thread_context.c +314 -145
data/ext/datadog_profiling_native_extension/datadog_ruby_common.c +1 -4
data/ext/datadog_profiling_native_extension/datadog_ruby_common.h +10 -0
data/ext/datadog_profiling_native_extension/encoded_profile.c +79 -0
data/ext/datadog_profiling_native_extension/encoded_profile.h +8 -0
data/ext/datadog_profiling_native_extension/extconf.rb +7 -8
data/ext/datadog_profiling_native_extension/gvl_profiling_helper.c +2 -0
data/ext/datadog_profiling_native_extension/gvl_profiling_helper.h +0 -8
data/ext/datadog_profiling_native_extension/heap_recorder.c +61 -174
data/ext/datadog_profiling_native_extension/heap_recorder.h +2 -2
data/ext/datadog_profiling_native_extension/http_transport.c +64 -98
data/ext/datadog_profiling_native_extension/private_vm_api_access.c +68 -1
data/ext/datadog_profiling_native_extension/private_vm_api_access.h +10 -1
data/ext/datadog_profiling_native_extension/profiling.c +19 -8
data/ext/datadog_profiling_native_extension/ruby_helpers.c +8 -8
data/ext/datadog_profiling_native_extension/stack_recorder.c +84 -131
data/ext/datadog_profiling_native_extension/stack_recorder.h +2 -2
data/ext/datadog_profiling_native_extension/time_helpers.h +1 -1
data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.c +47 -0
data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.h +31 -0
data/ext/libdatadog_api/crashtracker.c +17 -15
data/ext/libdatadog_api/crashtracker.h +5 -0
data/ext/libdatadog_api/datadog_ruby_common.c +1 -4
data/ext/libdatadog_api/datadog_ruby_common.h +10 -0
data/ext/libdatadog_api/init.c +15 -0
data/ext/libdatadog_api/library_config.c +122 -0
data/ext/libdatadog_api/library_config.h +19 -0
data/ext/libdatadog_api/macos_development.md +3 -3
data/ext/libdatadog_api/process_discovery.c +117 -0
data/ext/libdatadog_api/process_discovery.h +5 -0
data/ext/libdatadog_extconf_helpers.rb +1 -1
data/lib/datadog/appsec/actions_handler/serializable_backtrace.rb +89 -0
data/lib/datadog/appsec/actions_handler.rb +49 -0
data/lib/datadog/appsec/anonymizer.rb +16 -0
data/lib/datadog/appsec/api_security/lru_cache.rb +49 -0
data/lib/datadog/appsec/api_security.rb +9 -0
data/lib/datadog/appsec/assets/waf_rules/README.md +50 -5
data/lib/datadog/appsec/assets/waf_rules/processors.json +239 -10
data/lib/datadog/appsec/assets/waf_rules/recommended.json +355 -157
data/lib/datadog/appsec/assets/waf_rules/scanners.json +926 -17
data/lib/datadog/appsec/assets/waf_rules/strict.json +62 -32
data/lib/datadog/appsec/autoload.rb +1 -1
data/lib/datadog/appsec/component.rb +41 -33
data/lib/datadog/appsec/compressed_json.rb +40 -0
data/lib/datadog/appsec/configuration/settings.rb +152 -25
data/lib/datadog/appsec/context.rb +74 -0
data/lib/datadog/appsec/contrib/active_record/instrumentation.rb +92 -0
data/lib/datadog/appsec/contrib/active_record/integration.rb +41 -0
data/lib/datadog/appsec/contrib/active_record/patcher.rb +101 -0
data/lib/datadog/appsec/contrib/auto_instrument.rb +1 -1
data/lib/datadog/appsec/contrib/devise/configuration.rb +52 -0
data/lib/datadog/appsec/contrib/devise/data_extractor.rb +78 -0
data/lib/datadog/appsec/contrib/devise/ext.rb +22 -0
data/lib/datadog/appsec/contrib/devise/integration.rb +1 -2
data/lib/datadog/appsec/contrib/devise/patcher.rb +33 -25
data/lib/datadog/appsec/contrib/devise/patches/signin_tracking_patch.rb +102 -0
data/lib/datadog/appsec/contrib/devise/patches/signup_tracking_patch.rb +69 -0
data/lib/datadog/appsec/contrib/devise/{patcher/rememberable_patch.rb → patches/skip_signin_tracking_patch.rb} +3 -3
data/lib/datadog/appsec/contrib/devise/tracking_middleware.rb +106 -0
data/lib/datadog/appsec/contrib/excon/integration.rb +41 -0
data/lib/datadog/appsec/contrib/excon/patcher.rb +28 -0
data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb +42 -0
data/lib/datadog/appsec/contrib/faraday/connection_patch.rb +22 -0
data/lib/datadog/appsec/contrib/faraday/integration.rb +42 -0
data/lib/datadog/appsec/contrib/faraday/patcher.rb +53 -0
data/lib/datadog/appsec/contrib/faraday/rack_builder_patch.rb +22 -0
data/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb +41 -0
data/lib/datadog/appsec/contrib/graphql/appsec_trace.rb +1 -7
data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb +17 -30
data/lib/datadog/appsec/contrib/graphql/integration.rb +1 -1
data/lib/datadog/appsec/contrib/graphql/patcher.rb +0 -3
data/lib/datadog/appsec/contrib/rack/ext.rb +34 -0
data/lib/datadog/appsec/contrib/rack/gateway/response.rb +3 -3
data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +78 -98
data/lib/datadog/appsec/contrib/rack/integration.rb +1 -1
data/lib/datadog/appsec/contrib/rack/patcher.rb +0 -3
data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +10 -11
data/lib/datadog/appsec/contrib/rack/request_middleware.rb +52 -68
data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +16 -33
data/lib/datadog/appsec/contrib/rails/integration.rb +1 -1
data/lib/datadog/appsec/contrib/rails/patcher.rb +25 -38
data/lib/datadog/appsec/contrib/rest_client/integration.rb +45 -0
data/lib/datadog/appsec/contrib/rest_client/patcher.rb +28 -0
data/lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb +38 -0
data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +31 -68
data/lib/datadog/appsec/contrib/sinatra/integration.rb +1 -1
data/lib/datadog/appsec/contrib/sinatra/patcher.rb +5 -31
data/lib/datadog/appsec/event.rb +96 -135
data/lib/datadog/appsec/ext.rb +12 -3
data/lib/datadog/appsec/instrumentation/gateway/argument.rb +7 -2
data/lib/datadog/appsec/instrumentation/gateway/middleware.rb +24 -0
data/lib/datadog/appsec/instrumentation/gateway.rb +17 -22
data/lib/datadog/appsec/metrics/collector.rb +38 -0
data/lib/datadog/appsec/metrics/exporter.rb +35 -0
data/lib/datadog/appsec/metrics/telemetry.rb +23 -0
data/lib/datadog/appsec/metrics.rb +13 -0
data/lib/datadog/appsec/monitor/gateway/watcher.rb +52 -32
data/lib/datadog/appsec/processor/rule_loader.rb +26 -31
data/lib/datadog/appsec/processor/rule_merger.rb +7 -6
data/lib/datadog/appsec/processor.rb +5 -4
data/lib/datadog/appsec/remote.rb +26 -12
data/lib/datadog/appsec/response.rb +19 -85
data/lib/datadog/appsec/security_engine/result.rb +67 -0
data/lib/datadog/appsec/security_engine/runner.rb +88 -0
data/lib/datadog/appsec/security_engine.rb +9 -0
data/lib/datadog/appsec/security_event.rb +39 -0
data/lib/datadog/appsec/utils.rb +0 -2
data/lib/datadog/appsec.rb +23 -10
data/lib/datadog/auto_instrument.rb +3 -0
data/lib/datadog/core/buffer/random.rb +18 -2
data/lib/datadog/core/configuration/agent_settings_resolver.rb +42 -14
data/lib/datadog/core/configuration/agentless_settings_resolver.rb +176 -0
data/lib/datadog/core/configuration/components.rb +76 -32
data/lib/datadog/core/configuration/components_state.rb +23 -0
data/lib/datadog/core/configuration/ext.rb +5 -1
data/lib/datadog/core/configuration/option.rb +79 -43
data/lib/datadog/core/configuration/option_definition.rb +6 -4
data/lib/datadog/core/configuration/options.rb +3 -3
data/lib/datadog/core/configuration/settings.rb +100 -41
data/lib/datadog/core/configuration/stable_config.rb +23 -0
data/lib/datadog/core/configuration.rb +43 -11
data/lib/datadog/{tracing → core}/contrib/rails/utils.rb +1 -3
data/lib/datadog/core/crashtracking/component.rb +4 -13
data/lib/datadog/core/diagnostics/environment_logger.rb +1 -1
data/lib/datadog/core/encoding.rb +17 -1
data/lib/datadog/core/environment/agent_info.rb +78 -0
data/lib/datadog/core/environment/cgroup.rb +10 -12
data/lib/datadog/core/environment/container.rb +38 -40
data/lib/datadog/core/environment/ext.rb +6 -6
data/lib/datadog/core/environment/git.rb +1 -0
data/lib/datadog/core/environment/identity.rb +3 -3
data/lib/datadog/core/environment/platform.rb +3 -3
data/lib/datadog/core/environment/variable_helpers.rb +1 -1
data/lib/datadog/core/error.rb +11 -9
data/lib/datadog/core/logger.rb +2 -2
data/lib/datadog/core/metrics/client.rb +27 -27
data/lib/datadog/core/metrics/logging.rb +5 -5
data/lib/datadog/core/process_discovery.rb +32 -0
data/lib/datadog/core/rate_limiter.rb +4 -2
data/lib/datadog/core/remote/client/capabilities.rb +6 -0
data/lib/datadog/core/remote/client.rb +107 -92
data/lib/datadog/core/remote/component.rb +18 -19
data/lib/datadog/core/remote/configuration/digest.rb +7 -7
data/lib/datadog/core/remote/configuration/path.rb +1 -1
data/lib/datadog/core/remote/configuration/repository.rb +2 -1
data/lib/datadog/core/remote/negotiation.rb +9 -9
data/lib/datadog/core/remote/transport/config.rb +4 -3
data/lib/datadog/core/remote/transport/http/api.rb +13 -18
data/lib/datadog/core/remote/transport/http/client.rb +5 -4
data/lib/datadog/core/remote/transport/http/config.rb +27 -55
data/lib/datadog/core/remote/transport/http/negotiation.rb +8 -51
data/lib/datadog/core/remote/transport/http.rb +25 -94
data/lib/datadog/core/remote/transport/negotiation.rb +17 -4
data/lib/datadog/core/remote/worker.rb +10 -7
data/lib/datadog/core/runtime/metrics.rb +12 -5
data/lib/datadog/core/telemetry/component.rb +84 -49
data/lib/datadog/core/telemetry/emitter.rb +23 -11
data/lib/datadog/core/telemetry/event/app_client_configuration_change.rb +65 -0
data/lib/datadog/core/telemetry/event/app_closing.rb +18 -0
data/lib/datadog/core/telemetry/event/app_dependencies_loaded.rb +33 -0
data/lib/datadog/core/telemetry/event/app_heartbeat.rb +18 -0
data/lib/datadog/core/telemetry/event/app_integrations_change.rb +58 -0
data/lib/datadog/core/telemetry/event/app_started.rb +179 -0
data/lib/datadog/core/telemetry/event/base.rb +40 -0
data/lib/datadog/core/telemetry/event/distributions.rb +18 -0
data/lib/datadog/core/telemetry/event/generate_metrics.rb +43 -0
data/lib/datadog/core/telemetry/event/log.rb +76 -0
data/lib/datadog/core/telemetry/event/message_batch.rb +42 -0
data/lib/datadog/core/telemetry/event/synth_app_client_configuration_change.rb +43 -0
data/lib/datadog/core/telemetry/event.rb +17 -383
data/lib/datadog/core/telemetry/ext.rb +1 -0
data/lib/datadog/core/telemetry/http/adapters/net.rb +12 -97
data/lib/datadog/core/telemetry/logger.rb +1 -1
data/lib/datadog/core/telemetry/logging.rb +2 -2
data/lib/datadog/core/telemetry/metric.rb +28 -6
data/lib/datadog/core/telemetry/request.rb +4 -4
data/lib/datadog/core/telemetry/transport/http/api.rb +43 -0
data/lib/datadog/core/telemetry/transport/http/client.rb +49 -0
data/lib/datadog/core/telemetry/transport/http/telemetry.rb +92 -0
data/lib/datadog/core/telemetry/transport/http.rb +63 -0
data/lib/datadog/core/telemetry/transport/telemetry.rb +51 -0
data/lib/datadog/core/telemetry/worker.rb +128 -25
data/lib/datadog/core/transport/http/adapters/test.rb +2 -1
data/lib/datadog/core/transport/http/adapters/unix_socket.rb +1 -1
data/lib/datadog/{tracing → core}/transport/http/api/instance.rb +18 -1
data/lib/datadog/core/transport/http/api/spec.rb +36 -0
data/lib/datadog/{tracing → core}/transport/http/builder.rb +53 -31
data/lib/datadog/core/transport/http.rb +75 -0
data/lib/datadog/core/transport/response.rb +4 -0
data/lib/datadog/core/utils/at_fork_monkey_patch.rb +6 -6
data/lib/datadog/core/utils/duration.rb +32 -32
data/lib/datadog/core/utils/forking.rb +2 -2
data/lib/datadog/core/utils/network.rb +6 -6
data/lib/datadog/core/utils/only_once_successful.rb +16 -5
data/lib/datadog/core/utils/time.rb +20 -0
data/lib/datadog/core/utils/truncation.rb +21 -0
data/lib/datadog/core/vendor/multipart-post/multipart/post/composite_read_io.rb +1 -1
data/lib/datadog/core/vendor/multipart-post/multipart/post/multipartable.rb +8 -8
data/lib/datadog/core/vendor/multipart-post/multipart/post/parts.rb +7 -7
data/lib/datadog/core/worker.rb +1 -1
data/lib/datadog/core/workers/async.rb +29 -12
data/lib/datadog/core/workers/interval_loop.rb +12 -1
data/lib/datadog/core/workers/runtime_metrics.rb +2 -2
data/lib/datadog/core.rb +8 -0
data/lib/datadog/di/base.rb +115 -0
data/lib/datadog/di/boot.rb +34 -0
data/lib/datadog/di/code_tracker.rb +26 -15
data/lib/datadog/di/component.rb +23 -14
data/lib/datadog/di/configuration/settings.rb +25 -1
data/lib/datadog/di/contrib/active_record.rb +1 -0
data/lib/datadog/di/contrib/railtie.rb +15 -0
data/lib/datadog/di/contrib.rb +28 -0
data/lib/datadog/di/error.rb +5 -0
data/lib/datadog/di/instrumenter.rb +111 -20
data/lib/datadog/di/logger.rb +30 -0
data/lib/datadog/di/preload.rb +18 -0
data/lib/datadog/di/probe.rb +14 -7
data/lib/datadog/di/probe_builder.rb +1 -0
data/lib/datadog/di/probe_manager.rb +11 -5
data/lib/datadog/di/probe_notification_builder.rb +34 -8
data/lib/datadog/di/probe_notifier_worker.rb +52 -26
data/lib/datadog/di/redactor.rb +0 -1
data/lib/datadog/di/remote.rb +147 -0
data/lib/datadog/di/serializer.rb +14 -7
data/lib/datadog/di/transport/diagnostics.rb +62 -0
data/lib/datadog/di/transport/http/api.rb +42 -0
data/lib/datadog/di/transport/http/client.rb +47 -0
data/lib/datadog/di/transport/http/diagnostics.rb +65 -0
data/lib/datadog/di/transport/http/input.rb +67 -0
data/lib/datadog/di/transport/http.rb +57 -0
data/lib/datadog/di/transport/input.rb +62 -0
data/lib/datadog/di/utils.rb +103 -0
data/lib/datadog/di.rb +14 -76
data/lib/datadog/error_tracking/collector.rb +87 -0
data/lib/datadog/error_tracking/component.rb +167 -0
data/lib/datadog/error_tracking/configuration/settings.rb +63 -0
data/lib/datadog/error_tracking/configuration.rb +11 -0
data/lib/datadog/error_tracking/ext.rb +18 -0
data/lib/datadog/error_tracking/extensions.rb +16 -0
data/lib/datadog/error_tracking/filters.rb +77 -0
data/lib/datadog/error_tracking.rb +18 -0
data/lib/datadog/kit/appsec/events.rb +15 -3
data/lib/datadog/kit/identity.rb +9 -5
data/lib/datadog/opentelemetry/api/baggage.rb +90 -0
data/lib/datadog/opentelemetry/api/baggage.rbs +26 -0
data/lib/datadog/opentelemetry/api/context.rb +16 -2
data/lib/datadog/opentelemetry/sdk/trace/span.rb +1 -1
data/lib/datadog/opentelemetry.rb +2 -1
data/lib/datadog/profiling/collectors/code_provenance.rb +1 -1
data/lib/datadog/profiling/collectors/info.rb +3 -0
data/lib/datadog/profiling/collectors/thread_context.rb +1 -1
data/lib/datadog/profiling/component.rb +60 -76
data/lib/datadog/profiling/encoded_profile.rb +11 -0
data/lib/datadog/profiling/exporter.rb +3 -4
data/lib/datadog/profiling/ext.rb +0 -2
data/lib/datadog/profiling/flush.rb +5 -8
data/lib/datadog/profiling/http_transport.rb +6 -85
data/lib/datadog/profiling/load_native_extension.rb +1 -33
data/lib/datadog/profiling/scheduler.rb +8 -1
data/lib/datadog/profiling/stack_recorder.rb +4 -4
data/lib/datadog/profiling/tag_builder.rb +1 -5
data/lib/datadog/profiling.rb +6 -2
data/lib/datadog/tracing/analytics.rb +1 -1
data/lib/datadog/tracing/component.rb +16 -12
data/lib/datadog/tracing/configuration/ext.rb +8 -1
data/lib/datadog/tracing/configuration/settings.rb +22 -10
data/lib/datadog/tracing/context_provider.rb +1 -1
data/lib/datadog/tracing/contrib/action_cable/integration.rb +5 -2
data/lib/datadog/tracing/contrib/action_mailer/integration.rb +6 -2
data/lib/datadog/tracing/contrib/action_pack/integration.rb +5 -2
data/lib/datadog/tracing/contrib/action_view/integration.rb +5 -2
data/lib/datadog/tracing/contrib/active_job/integration.rb +5 -2
data/lib/datadog/tracing/contrib/active_record/integration.rb +7 -3
data/lib/datadog/tracing/contrib/active_support/cache/events/cache.rb +7 -2
data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +36 -1
data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +4 -0
data/lib/datadog/tracing/contrib/active_support/cache/redis.rb +14 -4
data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +10 -0
data/lib/datadog/tracing/contrib/active_support/integration.rb +5 -2
data/lib/datadog/tracing/contrib/auto_instrument.rb +2 -2
data/lib/datadog/tracing/contrib/aws/instrumentation.rb +10 -0
data/lib/datadog/tracing/contrib/aws/integration.rb +3 -0
data/lib/datadog/tracing/contrib/aws/parsed_context.rb +5 -1
data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +3 -0
data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
data/lib/datadog/tracing/contrib/elasticsearch/configuration/settings.rb +4 -0
data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +6 -1
data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +4 -5
data/lib/datadog/tracing/contrib/excon/middleware.rb +5 -3
data/lib/datadog/tracing/contrib/ext.rb +1 -0
data/lib/datadog/tracing/contrib/extensions.rb +29 -3
data/lib/datadog/tracing/contrib/faraday/middleware.rb +5 -3
data/lib/datadog/tracing/contrib/graphql/configuration/error_extension_env_parser.rb +21 -0
data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +11 -0
data/lib/datadog/tracing/contrib/graphql/ext.rb +5 -0
data/lib/datadog/tracing/contrib/graphql/unified_trace.rb +102 -11
data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +7 -1
data/lib/datadog/tracing/contrib/grpc/distributed/propagation.rb +3 -0
data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +0 -15
data/lib/datadog/tracing/contrib/http/distributed/propagation.rb +4 -1
data/lib/datadog/tracing/contrib/http/instrumentation.rb +6 -10
data/lib/datadog/tracing/contrib/http/integration.rb +3 -0
data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +6 -16
data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +7 -15
data/lib/datadog/tracing/contrib/httprb/integration.rb +3 -0
data/lib/datadog/tracing/contrib/kafka/integration.rb +3 -0
data/lib/datadog/tracing/contrib/karafka/configuration/settings.rb +27 -0
data/lib/datadog/tracing/contrib/karafka/distributed/propagation.rb +48 -0
data/lib/datadog/tracing/contrib/karafka/ext.rb +27 -0
data/lib/datadog/tracing/contrib/karafka/integration.rb +45 -0
data/lib/datadog/tracing/contrib/karafka/monitor.rb +66 -0
data/lib/datadog/tracing/contrib/karafka/patcher.rb +71 -0
data/lib/datadog/tracing/contrib/karafka.rb +37 -0
data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +8 -0
data/lib/datadog/tracing/contrib/mongodb/ext.rb +1 -0
data/lib/datadog/tracing/contrib/mongodb/integration.rb +3 -0
data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +18 -1
data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +17 -0
data/lib/datadog/tracing/contrib/opensearch/ext.rb +9 -0
data/lib/datadog/tracing/contrib/opensearch/integration.rb +3 -0
data/lib/datadog/tracing/contrib/opensearch/patcher.rb +5 -1
data/lib/datadog/tracing/contrib/patcher.rb +5 -2
data/lib/datadog/tracing/contrib/presto/integration.rb +3 -0
data/lib/datadog/tracing/contrib/rack/header_collection.rb +11 -1
data/lib/datadog/tracing/contrib/rack/integration.rb +2 -2
data/lib/datadog/tracing/contrib/rack/middlewares.rb +1 -1
data/lib/datadog/tracing/contrib/rack/request_queue.rb +1 -1
data/lib/datadog/tracing/contrib/rails/framework.rb +2 -2
data/lib/datadog/tracing/contrib/rails/patcher.rb +1 -1
data/lib/datadog/tracing/contrib/rest_client/integration.rb +3 -0
data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +5 -3
data/lib/datadog/tracing/contrib/sidekiq/client_tracer.rb +6 -1
data/lib/datadog/tracing/contrib/sidekiq/distributed/propagation.rb +3 -0
data/lib/datadog/tracing/contrib/sidekiq/server_tracer.rb +1 -1
data/lib/datadog/tracing/contrib/span_attribute_schema.rb +6 -1
data/lib/datadog/tracing/contrib/support.rb +28 -0
data/lib/datadog/tracing/contrib.rb +1 -0
data/lib/datadog/tracing/correlation.rb +9 -2
data/lib/datadog/tracing/distributed/b3_multi.rb +1 -1
data/lib/datadog/tracing/distributed/b3_single.rb +1 -1
data/lib/datadog/tracing/distributed/baggage.rb +131 -0
data/lib/datadog/tracing/distributed/datadog.rb +4 -2
data/lib/datadog/tracing/distributed/propagation.rb +25 -4
data/lib/datadog/tracing/distributed/propagation_policy.rb +42 -0
data/lib/datadog/tracing/metadata/errors.rb +4 -4
data/lib/datadog/tracing/metadata/ext.rb +5 -0
data/lib/datadog/tracing/metadata/metastruct.rb +36 -0
data/lib/datadog/tracing/metadata/metastruct_tagging.rb +42 -0
data/lib/datadog/tracing/metadata.rb +2 -0
data/lib/datadog/tracing/sampling/rate_sampler.rb +2 -1
data/lib/datadog/tracing/sampling/span/rule.rb +0 -1
data/lib/datadog/tracing/span.rb +22 -5
data/lib/datadog/tracing/span_event.rb +124 -4
data/lib/datadog/tracing/span_operation.rb +52 -16
data/lib/datadog/tracing/sync_writer.rb +9 -5
data/lib/datadog/tracing/trace_digest.rb +9 -2
data/lib/datadog/tracing/trace_operation.rb +44 -24
data/lib/datadog/tracing/trace_segment.rb +6 -4
data/lib/datadog/tracing/tracer.rb +60 -12
data/lib/datadog/tracing/transport/http/api.rb +5 -4
data/lib/datadog/tracing/transport/http/client.rb +5 -4
data/lib/datadog/tracing/transport/http/traces.rb +13 -44
data/lib/datadog/tracing/transport/http.rb +13 -70
data/lib/datadog/tracing/transport/serializable_trace.rb +31 -7
data/lib/datadog/tracing/transport/trace_formatter.rb +7 -0
data/lib/datadog/tracing/transport/traces.rb +47 -13
data/lib/datadog/tracing/utils.rb +1 -1
data/lib/datadog/tracing/workers/trace_writer.rb +8 -5
data/lib/datadog/tracing/workers.rb +5 -4
data/lib/datadog/tracing/writer.rb +10 -6
data/lib/datadog/tracing.rb +16 -3
data/lib/datadog/version.rb +2 -2
data/lib/datadog.rb +2 -0
metadata +143 -50
data/ext/datadog_profiling_loader/datadog_profiling_loader.c +0 -142
data/ext/datadog_profiling_loader/extconf.rb +0 -60
data/lib/datadog/appsec/contrib/devise/event.rb +0 -57
data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +0 -77
data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +0 -54
data/lib/datadog/appsec/contrib/devise/resource.rb +0 -35
data/lib/datadog/appsec/contrib/devise/tracking.rb +0 -57
data/lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb +0 -46
data/lib/datadog/appsec/contrib/patcher.rb +0 -12
data/lib/datadog/appsec/contrib/rack/reactive/request.rb +0 -69
data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +0 -47
data/lib/datadog/appsec/contrib/rack/reactive/response.rb +0 -53
data/lib/datadog/appsec/contrib/rails/reactive/action.rb +0 -53
data/lib/datadog/appsec/contrib/sinatra/ext.rb +0 -14
data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +0 -48
data/lib/datadog/appsec/monitor/reactive/set_user.rb +0 -45
data/lib/datadog/appsec/processor/actions.rb +0 -49
data/lib/datadog/appsec/processor/context.rb +0 -107
data/lib/datadog/appsec/reactive/address_hash.rb +0 -22
data/lib/datadog/appsec/reactive/engine.rb +0 -47
data/lib/datadog/appsec/reactive/operation.rb +0 -68
data/lib/datadog/appsec/reactive/subscriber.rb +0 -19
data/lib/datadog/appsec/scope.rb +0 -58
data/lib/datadog/appsec/utils/trace_operation.rb +0 -15
data/lib/datadog/core/crashtracking/agent_base_url.rb +0 -21
data/lib/datadog/core/remote/transport/http/api/instance.rb +0 -39
data/lib/datadog/core/remote/transport/http/api/spec.rb +0 -21
data/lib/datadog/core/remote/transport/http/builder.rb +0 -219
data/lib/datadog/core/telemetry/http/env.rb +0 -20
data/lib/datadog/core/telemetry/http/ext.rb +0 -28
data/lib/datadog/core/telemetry/http/response.rb +0 -70
data/lib/datadog/core/telemetry/http/transport.rb +0 -90
data/lib/datadog/di/transport.rb +0 -81
data/lib/datadog/tracing/transport/http/api/spec.rb +0 -19

data/lib/datadog/appsec/assets/waf_rules/strict.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": "2.2",
   "metadata": {
-    "rules_version": "1.13.1"
+    "rules_version": "1.13.3"
   },
   "rules": [
     {
@@ -10,7 +10,8 @@
       "tags": {
         "type": "security_scanner",
         "crs_id": "913100",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -84,7 +85,8 @@
       "tags": {
         "type": "http_protocol_violation",
         "crs_id": "921120",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -127,7 +129,8 @@
         "crs_id": "921140",
         "category": "attack_attempt",
         "capec": "1000/210/272/220/273",
-        "cwe": "113"
+        "cwe": "113",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -154,7 +157,8 @@
       "tags": {
         "type": "command_injection",
         "crs_id": "932100",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -193,7 +197,8 @@
       "tags": {
         "type": "command_injection",
         "crs_id": "932115",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -690,7 +695,8 @@
       "tags": {
         "type": "command_injection",
         "crs_id": "932130",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -729,7 +735,8 @@
       "tags": {
         "type": "command_injection",
         "crs_id": "932150",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -768,7 +775,8 @@
       "tags": {
         "type": "php_code_injection",
         "crs_id": "933110",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -818,7 +826,8 @@
       "tags": {
         "type": "php_code_injection",
         "crs_id": "933180",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -857,7 +866,8 @@
       "tags": {
         "type": "php_code_injection",
         "crs_id": "933210",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -897,7 +907,8 @@
         "type": "xss",
         "crs_id": "941100",
         "category": "attack_attempt",
-        "cwe": "79"
+        "cwe": "79",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -948,7 +959,8 @@
       "tags": {
         "type": "xss",
         "crs_id": "941130",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -994,7 +1006,8 @@
       "tags": {
         "type": "xss",
         "crs_id": "941150",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1041,7 +1054,8 @@
       "tags": {
         "type": "xss",
         "crs_id": "941160",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1093,7 +1107,8 @@
       "tags": {
         "type": "xss",
         "crs_id": "941190",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1134,7 +1149,8 @@
       "tags": {
         "type": "xss",
         "crs_id": "941250",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1175,7 +1191,8 @@
       "tags": {
         "type": "xss",
         "crs_id": "941260",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1216,7 +1233,8 @@
       "tags": {
         "type": "xss",
         "crs_id": "941370",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1255,7 +1273,8 @@
       "tags": {
         "type": "js_code_injection",
         "crs_id": "941380",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1294,7 +1313,8 @@
       "tags": {
         "type": "sql_injection",
         "crs_id": "942151",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1333,7 +1353,8 @@
       "tags": {
         "type": "sql_injection",
         "crs_id": "942170",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1372,7 +1393,8 @@
         "type": "sql_injection",
         "crs_id": "942190",
         "category": "attack_attempt",
-        "cwe": "89"
+        "cwe": "89",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1413,7 +1435,8 @@
       "tags": {
         "type": "sql_injection",
         "crs_id": "942230",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1452,7 +1475,8 @@
       "tags": {
         "type": "sql_injection",
         "crs_id": "942320",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1490,7 +1514,8 @@
       "tags": {
         "type": "sql_injection",
         "crs_id": "942350",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1528,7 +1553,8 @@
       "tags": {
         "type": "java_code_injection",
         "crs_id": "944240",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1573,7 +1599,8 @@
         "type": "lfi",
         "category": "attack_attempt",
         "cwe": "22",
-        "capec": "1000/255/153/126"
+        "capec": "1000/255/153/126",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1612,7 +1639,8 @@
         "type": "lfi",
         "category": "attack_attempt",
         "cwe": "22",
-        "capec": "1000/255/153/126"
+        "capec": "1000/255/153/126",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1653,7 +1681,8 @@
       "tags": {
         "type": "nosql_injection",
         "category": "attack_attempt",
-        "cwe": "943"
+        "cwe": "943",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -1689,7 +1718,8 @@
       "name": "Node.js: Prototype pollution",
       "tags": {
         "type": "js_code_injection",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "module": "waf"
       },
       "conditions": [
         {
@@ -3060,4 +3090,4 @@
       }
     }
   ]
-}
+}

data/lib/datadog/appsec/autoload.rb CHANGED Viewed

@@ -4,7 +4,7 @@ if %w[1 true].include?((ENV['DD_APPSEC_ENABLED'] || '').downcase)
   begin
     require_relative 'contrib/auto_instrument'
     Datadog::AppSec::Contrib::AutoInstrument.patch_all
-  rescue StandardError => e
+  rescue => e
     Kernel.warn(
       '[datadog] AppSec failed to instrument. No security check will be performed. error: ' \
       " #{e.class.name} #{e.message}"

data/lib/datadog/appsec/component.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 require_relative 'processor'
 require_relative 'processor/rule_merger'
 require_relative 'processor/rule_loader'
-require_relative 'processor/actions'
+require_relative 'actions_handler'
 module Datadog
   module AppSec
@@ -12,7 +12,25 @@ module Datadog
       class << self
         def build_appsec_component(settings, telemetry:)
           return if !settings.respond_to?(:appsec) || !settings.appsec.enabled
-          return if incompatible_ffi_version?
+          ffi_version = Gem.loaded_specs['ffi']&.version
+          unless ffi_version
+            Datadog.logger.warn('FFI gem is not loaded, AppSec will be disabled.')
+            telemetry.error('AppSec: Component not loaded, due to missing FFI gem')
+            return
+          end
+          if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('3.3') && ffi_version < Gem::Version.new('1.16.0')
+            Datadog.logger.warn(
+              'AppSec is not supported in Ruby versions above 3.3.0 when using `ffi` versions older than 1.16.0, ' \
+              'and will be forcibly disabled due to a memory leak in `ffi`. ' \
+              'Please upgrade your `ffi` version to 1.16.0 or higher.'
+            )
+            telemetry.error('AppSec: Component not loaded, ffi version is leaky with ruby > 3.3.0')
+            return
+          end
           processor = create_processor(settings, telemetry)
@@ -24,27 +42,11 @@ module Datadog
           devise_integration = Datadog::AppSec::Contrib::Devise::Integration.new
           settings.appsec.instrument(:devise) unless devise_integration.patcher.patched?
-          new(processor: processor)
+          new(processor, telemetry)
         end
         private
-        def incompatible_ffi_version?
-          ffi_version = Gem.loaded_specs['ffi'] && Gem.loaded_specs['ffi'].version
-          return true unless ffi_version
-          return false unless Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('3.3') &&
-            ffi_version < Gem::Version.new('1.16.0')
-          Datadog.logger.warn(
-            'AppSec is not supported in Ruby versions above 3.3.0 when using `ffi` versions older than 1.16.0, ' \
-            'and will be forcibly disabled due to a memory leak in `ffi`. ' \
-            'Please upgrade your `ffi` version to 1.16.0 or higher.'
-          )
-          true
-        end
         def create_processor(settings, telemetry)
           rules = AppSec::Processor::RuleLoader.load_rules(
             telemetry: telemetry,
@@ -52,10 +54,6 @@ module Datadog
           )
           return nil unless rules
-          actions = rules['actions']
-          AppSec::Processor::Actions.merge(actions) if actions
           data = AppSec::Processor::RuleLoader.load_data(
             ip_denylist: settings.appsec.ip_denylist,
             user_id_denylist: settings.appsec.user_id_denylist,
@@ -63,9 +61,16 @@ module Datadog
           exclusions = AppSec::Processor::RuleLoader.load_exclusions(ip_passlist: settings.appsec.ip_passlist)
+          # NOTE: This is a temporary solution before the RuleMerger refactoring
+          #       with new RemoteConfig setup
+          processors = rules['processors']
+          scanners = rules['scanners']
           ruleset = AppSec::Processor::RuleMerger.merge(
             rules: [rules],
             data: data,
+            scanners: scanners,
+            processors: processors,
             exclusions: exclusions,
             telemetry: telemetry
           )
@@ -77,23 +82,26 @@ module Datadog
         end
       end
-      attr_reader :processor
+      attr_reader :processor, :telemetry
-      def initialize(processor:)
+      def initialize(processor, telemetry)
         @processor = processor
+        @telemetry = telemetry
         @mutex = Mutex.new
       end
-      def reconfigure(ruleset:, actions:, telemetry:)
+      def reconfigure(ruleset:, telemetry:)
         @mutex.synchronize do
-          AppSec::Processor::Actions.merge(actions)
+          new_processor = Processor.new(ruleset: ruleset, telemetry: telemetry)
+          if new_processor&.ready?
+            old_processor = @processor
-          new = Processor.new(ruleset: ruleset, telemetry: telemetry)
+            @telemetry = telemetry
+            @processor = new_processor
-          if new && new.ready?
-            old = @processor
-            @processor = new
-            old.finalize if old
+            old_processor&.finalize
           end
         end
       end
@@ -104,7 +112,7 @@ module Datadog
       def shutdown!
         @mutex.synchronize do
-          if processor && processor.ready?
+          if processor&.ready?
             processor.finalize
             @processor = nil
           end

data/lib/datadog/appsec/compressed_json.rb ADDED Viewed

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+require 'json'
+require 'zlib'
+require 'stringio'
+require_relative '../core/utils/base64'
+module Datadog
+  module AppSec
+    # Converts derivative schema payloads into JSON and compresses them into a
+    # base64 encoded string if the payload is worth compressing.
+    #
+    # See: https://github.com/DataDog/dd-trace-rb/pull/3177#issuecomment-1747221082
+    module CompressedJson
+      MIN_SIZE_FOR_COMPRESSION = 260
+      def self.dump(payload)
+        value = JSON.dump(payload)
+        return value if value.bytesize < MIN_SIZE_FOR_COMPRESSION
+        compress_and_encode(value)
+      rescue ArgumentError, Encoding::UndefinedConversionError, JSON::JSONError => e
+        AppSec.telemetry.report(e, description: 'AppSec: Failed to convert value into JSON')
+        nil
+      end
+      private_class_method def self.compress_and_encode(payload)
+        Core::Utils::Base64.strict_encode64(
+          Zlib.gzip(payload, level: Zlib::BEST_SPEED, strategy: Zlib::DEFAULT_STRATEGY)
+        )
+      rescue Zlib::Error, TypeError => e
+        AppSec.telemetry.report(e, description: 'AppSec: Failed to compress and encode value')
+        nil
+      end
+    end
+  end
+end